Unpatched Lighttpd Flaw in Intel, Lenovo BMCs Risks Data Security

April 16, 2024
Unpatched Lighttpd Flaw in Intel, Lenovo BMCs Risks Data Security
  • A security flaw in the Lighttpd web server impacting BMCs remains unpatched by Intel and Lenovo.

  • The vulnerability was fixed by Lighttpd maintainers in 2018 but was missed by AMI MegaRAC BMC developers due to lack of a CVE identifier.

  • Affected Intel and Lenovo products contain an out-of-bounds read vulnerability, risking sensitive data exposure and security bypass.

  • Intel and Lenovo have not addressed the flaw because the affected products are now end-of-life and no longer receive security updates.

  • The situation highlights the dangers of outdated third-party components in firmware and the extended risk to the industry.

Summary based on 1 source


Get a daily email with more Tech stories

Source

Related Stories